CA3036543A1 - Methods and systems for implementing and monitoring process safety management - Google Patents

Methods and systems for implementing and monitoring process safety management Download PDF

Info

Publication number
CA3036543A1
CA3036543A1 CA3036543A CA3036543A CA3036543A1 CA 3036543 A1 CA3036543 A1 CA 3036543A1 CA 3036543 A CA3036543 A CA 3036543A CA 3036543 A CA3036543 A CA 3036543A CA 3036543 A1 CA3036543 A1 CA 3036543A1
Authority
CA
Canada
Prior art keywords
hazardous
facility
risk
pha
safeguards
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA3036543A
Other languages
French (fr)
Inventor
Kenneth George BINGHAM
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Acm Risk Sciences & Development Inc
Original Assignee
Acm Risk Sciences & Development Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Acm Risk Sciences & Development Inc filed Critical Acm Risk Sciences & Development Inc
Priority to CA3036543A priority Critical patent/CA3036543A1/en
Priority to US17/438,680 priority patent/US20220148114A1/en
Priority to CA3133390A priority patent/CA3133390A1/en
Priority to PCT/CA2020/050343 priority patent/WO2020181392A1/en
Publication of CA3036543A1 publication Critical patent/CA3036543A1/en
Abandoned legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/04Manufacturing
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Landscapes

  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • Operations Research (AREA)
  • Game Theory and Decision Science (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Educational Administration (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Methods and systems for monitoring and implementing process safety management of a facility comprise: processing a plurality of disparate process hazard analysis (PHA) data sets to generate a relational database, the processing including: a) categorizing and classifying data elements of each PHA
data set, the categories and classifications consistent between all PHA data sets; b) generating a plurality of hazardous scenarios by identifying a plurality of hazardous events and assigning said data elements to each hazardous event; c) grouping together two or more of said hazardous scenarios so as to generate a group representation. A risk analysis procedure is performed on an identified hazardous event in the relational database, the identified hazardous event belonging to at least one hazardous scenario forming at least one grouped representation.

Description

METHODS AND SYSTEMS FOR IMPLEMENTING AND MONITORING PROCESS SAFETY MANAGEMENT
Field The present disclosure relates to implementing and monitoring process safety management; in particular, the present disclosure relates to methods and systems for implementing and monitoring improvements to process safety where the improvements arise from process hazard analysis studies.
Background Industrial facilities which handle or process unsafe chemicals, such as refineries, gas plants and upgrading plants, are comprised of engineered, complex systems for handling, utilizing and storing those chemicals. It is a reality that anything humans build or operate is vulnerable to failure. Facility operators undertake expensive hazard assessments of their facilities, in an effort to identify potential hazards and safeguards which will either prevent the hazardous event, or otherwise mitigate the consequences of a hazardous event. (As used throughout this document, the term "hazardous event"
refers to events resulting in death or personal injury, and also refers to other types of unwanted events which result in, for example, negative economic or environmental impacts).
The process hazard analysis (PHA) requires the investigation of deviations from design intent for a process or system by a team of individuals with expertise in different areas, such as engineering, chemistry, safety, operations, and maintenance. The PHA is based on the principle that several experts with different backgrounds can interact and better identify problems when working together than when working separately and combining their results.
A typical PHA study results in a number of spreadsheets containing raw PHA
data. As shown in Figure 1, a first facility 100 may perform a PHA study, resulting in a pile of spreadsheets 102 containing recommendations for improving safety at facility 100; similarly, a second facility 110 may perform a PHA
study resulting in a pile of spreadsheets 112 and a third facility 120 may perform a PHA study resulting in a pile of spreadsheets 114. None of the facilities 100, 110, 120 have any access to the results of the PHA
studies of the other facilities. The PHA raw data, contained in the spreadsheets 102, 112 and 114, consists of natural language descriptions of different facility components, hazardous events associated with those components, causes and consequences of hazardous events, the safeguards that are presently in place, and recommended safeguards which are designed to lower the risk of a hazardous scenario potentially occurring.

Despite the resources directed to hazard assessments, unsafe days can and do occur. The term "unsafe days" refers to the hazardous events that may occur from time to time at a facility ¨ examples of such hazardous events include fires, explosions and the release of contaminants into the environment, potentially resulting in injuries or death, damage and environmental harm.
When unsafe days occur, the cost to the facility's operators, in terms of harm to employees, loss of production, capital loss, lowered stock price, possible liability, and reputational harm, can be significant. Typically, the response to an unsafe day involves engaging in a detailed investigation of the events and, with the benefit of hindsight, solutions are engineered to reduce the likelihood of that specific hazardous event (or incident, or accident) from recurring in the future. In this manner, solutions are identified and implemented in response to a hazardous event, resulting in an incident or an accident: one fix at a time, one facility at a time, after a loss has already occurred.
Because the process safety endeavours described above are directed to reducing or mitigating known hazards, or preventing a hazardous event which has already occurred from developing again in the future, such endeavours are focused on addressing the causes of hazardous scenarios that are already known, while sometimes failing to identify other, unknown hazardous scenarios which may develop in the future. Because the process units, systems and processes of a given facility are typically complex and involve many components (such as structures, or pieces of equipment) which affect one another, it may not be possible for a team of engineers and professionals at a particular facility to identify every possible hazardous scenario when undertaking a PHA study.
Furthermore, when an unsafe day occurs and an investigation is carried out on the accident or incident, the resulting reports and recommendations are typically not shared outside the facility, or beyond the operator of the facility. Therefore, other facilities owned by different operators typically do not receive the benefit of the information and recommendations generated when reviewing a hazardous event at a particular facility.
When a PHA study is performed, it will typically generate a large number of recommendations for improving process safety. The cost of implementing these recommendations may range from low to high cost, and the difficulty of implementing such recommendations may also range from simple to very difficult. Because it is usually impractical to implement all of the recommendations at the same time, facility managers must prioritize which recommendations are implemented, or which are implemented first. Such decisions are normally driven by budget and convenience considerations, in the absence of
2 information as to which recommendations may have the greatest impact on reducing the identified risks.
Ideally, after completing a PHA study, the facility operator should continually seek to improve safety over time. A PHA study typically provides a snapshot in time of the safety status of the facility, and a list of recommendations to improve safety, which list of recommendations may be implemented, or not, over a period of time following completion of the PHA project. However, the facility itself does not remain static over time, and as changes are made to the facility, the likelihood of various hazardous scenarios materializing will also change over time, which may impact the effectiveness of the recommended safeguards on reducing or mitigating such risks. Furthermore, after a facility operator spends significant money on implementing various recommendations derived from a PHA project, the facility operator may tend to believe that the safety improvements implemented are sufficient to address the risks identified, when in fact the risks, and safeguards required to prevent or mitigate the hazardous events from materializing, may change to the extent that the effectiveness of those recommendations is reduced or eliminated.
Summary The applicant has discovered that identifying and defining the interrelationships between different elements of a facility, including elements of the process units of the facility, and calculating the impact of each of those elements on the risk that a hazardous scenario will develop into a hazardous event, enables the ability to apply data analytics techniques to such PHA data so as to derive useful information and insights about improving process safety of that facility.
In one aspect, processing a plurality of disparate PHA data sets, including disparate written reports, obtained for facilities of different operators and possibly extending across different industries, so as to classify and uniformly categorize the individual data elements of each data set, results in the generation .. of a relational database containing PHA data elements from a plurality of unrelated or different PHA
data sets, which may then be compared and analysed across the relational database. The processing may further include enhancing the PHA data by mapping additional information or data onto the existing, categorized data elements, which additional information may be utilized to obtain additional insights into the interrelationships between the data, and enhance the insights that may be extracted by applying analytics to the enhanced PHA data.
3 In addition to classifying and categorizing the PHA data, the processing may preferably further include grouping together data elements around an identified hazardous event, so as to create a so-called "bowtie" visual depicting a hazardous scenario, showing the interrelationship of the data elements (in other words, the causes, consequences, and safeguards), relating to that hazardous event.
Furthermore, the relationships between hazardous scenarios may be identified by, for example, identifying data elements which exist in two or more hazardous scenarios, and on that basis linking together the two or more hazardous scenarios so as to obtain a more comprehensive understanding of the risk associated with hazardous scenarios sharing the same hazardous event, consequence severity and point of reference (for example, the hazardous scenarios existing in the same area of a facility).
In another aspect, analytics, which are used to track whether operative and strategic process safety goals are being met, may be assembled into sets so as to produce a graphical representation of a profile of that facility; examples of graphical representations of the profile may include, but are not limited to, a profile line or a radar chart. The profile of the facility may then be compared to a benchmark profile, which is generated from the data contained in the relational database of a set of comparable benchmark facilities. This comparison of the facility's profile against a benchmark profile may provide an efficient visual indication of whether a facility is achieving its process safety goals, as compared to the benchmark profile.
Additional aspects, including those described below, build upon the processing of the PHA data sets and applying analytics to the processed PHA data, described above. In another aspect, data analytics may be applied to the relational database to identify which of the data elements of a given category are most critical; for example, identifying the most critical hazardous scenario, or cause, or safeguard. Identifying the most critical safeguards, for example, may enable the prioritization of recommended safeguards so as to reduce the risk of unwanted, or hazardous, events from occurring.
In another aspect, data analytics may be applied to the relational database to determine the probability of a hazardous event or a consequence occurring within a selected timeframe, within different frames of reference of the facility. For example, it may be predicted that a hazardous event "X" has a probability of 82% occurring within the next five years. The frame of reference may include, for example, assuming that all of the safeguards are in place; assuming that none of the safeguards are in place; or assuming that the actual safeguards of the facility are in place, at the time the predictive inquiry is made. The scope of PHA data taken into account in the predictive calculation may include, for example, predicting a particular hazardous event "X" may occur in a process unit; a facility; or across any of the facilities of the
4 operator. Applications for such an insight may include, but are not limited to, enabling a facility operator to realize that a hazardous event is imminent, thereby causing the operator to take action on implementing or maintaining safeguards.
In another aspect, the processes and techniques described herein may be applied to combine risk and financial information by quantifying the amount of risk reduction of a safeguard and comparing that risk reduction to the actual cost of the safeguard, thereby producing a return on investment ("ROI") metric of each safeguard. Such insights may be utilized by a facility manager to prioritize improvements to process safety based on which recommendations will yield the greatest risk reduction, relative to the cost of implementing that improvement to process safety.
The systems and methods described herein may therefore enable facility managers to harness not only the engineering knowledge of personnel at a given facility, but to harness the engineering knowledge and learnings generated from process hazard assessments and unsafe day studies from numerous other facilities. In some instances, the harnessing of such broad sets of data may enable identification of previously unknown risks or hazardous scenarios in a given facility. In other instances, the methods and systems described herein may enable extracting additional insights and recommendations regarding how to improve safety of a single facility, based only on PHA data generated for that single facility, because the methods and systems described herein may enable improved prioritization of recommended safeguards by identifying the most critical hazardous scenarios, safeguards and recommended safeguards by identifying the interrelationships between different hazardous scenarios (graphically represented by bowtie diagrams) and thereby taking into account the total impact of various safeguards on different hazard scenarios which are interrelated.
Furthermore, in some aspects of the present disclosure, the recommendations derived from performing a risk analysis on the data in the relational database may include ranking the hazardous scenarios, the causes, the safeguards and the consequences to thereby identify, for example, which safeguards are most critical and should therefore be implemented first.
In an aspect of the present disclosure, a method for improving process safety of a facility of an operator comprises: processing a plurality of process hazard analysis (PHA) data sets to generate a relational database, wherein at least one PHA data set relates to the facility, the processing steps including: a) categorizing and classifying data elements of each PHA data set into corresponding categories and classifications which are consistent between all PHA data sets; b) generating a plurality of hazardous scenarios by identifying a plurality of hazardous events and assigning said data elements to each
5 hazardous event; c) grouping together two or more of said hazardous scenarios so as to generate a group representation, wherein the said two or more hazardous scenarios share at least a common hazardous event and a common said data element. A risk analysis procedure is performed on an identified hazardous event in the relational database, the identified hazardous event belonging to at least one hazardous scenario forming at least one grouped representation in the relational database, the performance of the risk analysis procedure comprising: a) identifying one or more causes of the identified hazardous event and a frequency of each identified one or more causes; b) identifying one or more safeguards of the identified hazardous event impacting each cause and a probability of failure on demand (PFD) of each identified safeguard; c) calculating a mitigated frequency of each cause of the identified hazardous event by multiplying the frequency of each cause by the PFD of each safeguard impacting each cause; d) calculating a total mitigated frequency of the identified hazardous event by summing the mitigated frequency of each cause; e) comparing the total mitigated frequency to a tolerable frequency of the identified hazardous event; f) outputting a recommendation for reducing the risk of the identified hazardous event of the facility when the total mitigated frequency exceeds the tolerable frequency. The method may further include the step of implementing the at least one recommendation at the facility.
In another aspect, the categories referred to in the above method may be selected from the group comprising: a cause, a safeguard, a recommendation, a consequence.
In another aspect of the method described above, the step of processing a plurality of PHA data sets further includes classifying a severity of the consequence of each hazardous scenario of the plurality of hazardous scenarios; and wherein the step of grouping together two or more hazardous scenarios includes selecting two or more hazardous scenarios for grouping together which two or more hazardous scenarios share equally classified severity of consequences.
In another aspect of the above method, the common data element is a safeguard and the step of grouping together two or more hazardous scenarios includes grouping together at least a hazardous scenario of the facility and a hazardous scenario of at least a second facility. In some embodiments, the second facility is operated by a second operator unrelated to the first operator.
In another aspect of the present disclosure, the step of performing a risk analysis on the relational database, in the methods described above, may include performing a criticality analysis on a selected category of data elements of the facility, and the output of the risk analysis includes identifying a critical
6 data element of the selected category of data elements of the facility, and the at least one recommendation includes a plurality of recommended actions, the plurality of recommended actions prioritized on the basis of which recommended actions will impact the identified critical data element.
In another aspect of the above methods, the at least one recommendation comprises implementing a new safeguard.
In another aspect of the present disclosure, a system for improving process safety of the facility may comprise: a relational database comprising a plurality of PHA data sets, each PHA data set containing categorized and classified safety data elements wherein the categories and classifications of the safety data elements are consistent between all PHA data sets; a risk analysis module configured to identify and retrieve safety data elements from the relational database in accordance with a risk analysis criteria and perform a risk analysis on the retrieved safety data elements; and a device for displaying an output of the risk analysis.
In an embodiment of the system described above, the plurality of PHA data sets includes PHA data sets relating to two or more facilities. The two or more facilities may be operated by two or more operators, wherein the two or more operators are unrelated to each other.
In another aspect of the present disclosure, a method for improving process safety of a facility by identifying patterns in process hazard analysis data obtained from a plurality of facilities comprises the steps of: a) processing a plurality of PHA data sets obtained from the plurality of facilities so as to generate a relational database wherein at least one of the processed PHA data sets relates to the facility, the relational database comprising: processed data elements; a plurality of hazard scenarios, each hazard scenario having assigned data elements selected from the processed data elements; and group representations, the group representations generated by grouping together two or more hazard scenarios wherein the two or more hazard scenarios share at least one common assigned data element;
the steps of the method further including: b) performing a risk analysis on the plurality of hazard scenarios in the relational database to output a recommendation for reducing a risk of a first hazard scenario of the facility, the performing of the risk analysis comprising:
identifying one or more causes of the first hazardous scenario and a frequency of each identified one or more causes; identifying one or more safeguards of the first hazardous scenario impacting each cause and a probability of failure on demand (PFD) of each identified safeguard; calculating a mitigated frequency of each cause of the first hazardous scenario by multiplying the frequency of each cause by the PFD of each safeguard impacting each cause; calculating a total mitigated frequency of the first hazardous scenario by summing the
7 mitigated frequency of each cause; comparing the total mitigated frequency to a tolerable frequency of the first hazardous scenario; and outputting the recommendation for reducing the risk of the first hazardous scenario of the facility when the total mitigated frequency exceeds the tolerable frequency, wherein the recommendation comprises adding a new safeguard.
Brief Description of the Figures Figure 1 is a diagram illustrating an aspect of the prior art.
Figures 2A and 2B are line graphs, according to an aspect of the present disclosure.
Figures 3A - 3D are bowtie diagrams, according to an aspect of the present disclosure.
Figure 4 is a schematic, according to an aspect of the present disclosure, illustrating the calculation of a mitigated frequency of a grouped representation.
Figure 5 is a graphical representation of critical data elements, according to an aspect of the present disclosure.
Figure 6 is an example calculation of the frequency of a consequence excluding a safeguard, according to an aspect of the present disclosure.
Figure 7 is an example calculation of the frequency of a consequence including a safeguard, according to an aspect of the present disclosure.
Figures 8A ¨ 8B are graphical representations of residual risk accumulation, with and without safeguards in place, in accordance with an aspect of the present disclosure.
Figures 9A ¨ 9C are graphical representations of residual risk accumulation, with and without safeguards in place, in accordance with an aspect of the present disclosure.
Figure 10A is a bowtie diagram and an example of a predictive calculation on the hazardous scenario depicted in that bowtie diagram, in accordance with an aspect of the present disclosure.
Figures 10B ¨ 10G are further examples of the predictive calculation on the hazardous scenario depicted in a bowtie diagram of Figure 10A.
8 Figure 11A is a block diagram illustrating the elements of the Process Safety Management System, including independent protection layers, in accordance with an aspect of the present disclosure.
Figure 11B is a logic flow diagram illustrating a process for benchmarking in relation to profile learnings, in accordance with an aspect of the present disclosure.
Figures 12A ¨ 12F are a series of schematic diagrams illustrating the application of an ideal facility in relation to profile learnings, in accordance with an aspect of the present disclosure.
Figure 13 is a work flow diagram for PHA analytics, in accordance with an aspect of the present disclosure.
Detailed Description Learnings Generator First Learnings PHA analysis requires the investigation of deviations from design intent for a process or system by a team of individuals with expertise in different areas, such as engineering, chemistry, safety, operations, and maintenance. During a PHA study, the team is responsible for assessing the process risk materializing from various process deviations, and determining the consequence and severity of potential hazardous events that may occur, including the identification of cause-consequence pairs relating to each potential hazardous event identified. The team lists all safeguards that may be used to either prevent the hazardous event from happening, or to mitigate the consequences resulting from the hazardous event. The resulting data consists of natural-language descriptors of hazardous events, the causes and consequences of those hazardous events, and the safeguards which may prevent or mitigate the hazardous event. Each descriptor may be considered a "data element" of the PHA data set.
The raw PHA data captured in the studies described above may be processed and loaded into a relational database. In some embodiments of the present disclosure, processing the raw PHA data includes manually reviewing the PHA data, such as may be presented in a spreadsheet, and assigning metatags to each data element which ascribes certain attributes to the data element. For example, processing the data may include manually reviewing each data element, which is for example a Cause, Safeguard, Recommendation or a Consequence, and categorizing that particular data element as one of
9 a fixed list of categories. For example, there are four different "Cause"
categories; namely, Human Error, Equipment Failure, External Event or Undetermined. Furthermore, each data element which is a Safeguard may be classified as either a "Preventative" safeguard, because the safeguard prevents the hazardous event from potentially occurring; or a "Mitigative" safeguard, because the safeguard avoids or reduces the potential impact (or consequences) of the hazardous event that has occurred. Both preventative and mitigative safeguards are considered to be risk mitigating, or in other words, mitigating the likelihood of the consequences from potentially occurring. Furthermore, processing the data may also include classifying the severity of each of the data elements categorized as "consequences", for example on a scale of 1 ¨ 5, where a severity of "1" indicates the least severe consequence, while a .. severity of "4" or "5" represents the most severe consequence (such as death or injury, destruction or significant damage to a processing unit, significant release of contaminants into the surrounding environment).
Additionally, in some embodiments, processing the data includes associating additional information about each data element with the data element contained in the relational database. For example, associating specific pieces of equipment with particular safeguards, and relating the piping and instrument diagrams to those pieces of equipment to show how the equipment interacts with each other. Another example may be associating a particular equipment component, which is a safeguard, with the equipment's recommended and actual testing and maintenance schedule.
Such additional information associated with the individual data elements may enable the application of various types of analytics so as to obtain insights about risks in the facility, as will be further described below.
Although the processing of the PHA data, described above, may be accomplished manually by a person reviewing a spreadsheet and applying metatags to each data element, the metatags based on the person's categorization and classification of the data, it will be appreciated by a person skilled in the art that other means or methods of processing the PHA data may include, for example, automated processing, which may utilize artificial intelligence to review the natural language descriptors of the PHA
data elements and provide algorithms for completing the classification and categorization of that data.
The utility of processing the raw PHA data is, in one aspect of the present disclosure, to enable comparison and identifying interrelationships between individual data elements across different PHA
data sets, which may, for example, be unrelated as being obtained from different facilities of an operator, or even different facilities of different operators. The PHA data being compared may also span different industries. The raw data sets obtained from PHA studies of different facilities is generally not comparable to other PHA data sets, because of the absence of a standardized manner of describing the different data elements, such as the safeguards, hazards, causes and consequences of a hazardous event. Thus, processing the raw PHA data is required to expand the scope of available PHA data upon which to perform data analytics so as to derive insights into process safety hazards existing in a particular facility.
Once processed, the data is loaded into a relational database, enabling these individual data elements to be exposed to users with intent to gather information. The interaction of these individual data elements extracted from the PHA data set may be referred to as "First Learnings", and form the basis for all other relational learnings that are generated by applying various risk analytics to the data, generating what are otherwise referred to herein as "Profile Learnings."
Risk Analysis and Risk Assessment Hazard Identification and Risk Analysis is an activity performed to estimate the risk level of a credible hazardous scenario, and consists in answering the following fundamental questions:
(1) What can go wrong that could lead to a hazard exposure and loss event?
(2) How likely is the hazardous event to happen?
(3) If the hazardous event happens, how likely are the consequences resulting from the hazardous event?
Risk is a combination of the probability of the occurrence of a harm (otherwise referred to herein as a "consequence"), and the severity of that harm or consequence. (See technical standard IEC 61511 - 1, 3.2.64). Assuming continuous exposure to the hazardous situation, risk may therefore be calculated as follows:
Risk = Probability x Consequence (Severity) Equation 1 Profile Learnings In one aspect of the present disclosure, Profile Learnings consist of analytics applied to the processed data contained in the relational database, enabling measurement of various different performance indicators that are of particular interest to a facility operator. The range of analytics is broad, and may focus on any number of elements in a given facility. For example, analytics relating to causes, consequences, preventative safeguards and/or mitigating safeguards may be generated. allow for the ease of identification of the specific, significant ways in which one facility differs from a base line benchmark set of comparator facilities, thereby providing insights which assist an organization to achieve their process safety objectives. A core component of Profile Learnings is the analytics which produce insights into the performance of the facility, and performance questions regarding those insights. Analytics may help organizations understand how well they are performing in relation to their strategic and/or operational goals and objectives. In general, an analytic provides performance information which may enable organizations, or their stakeholders, to understand whether the organization is on track towards achieving their process safety objectives.
There are two general types of analytics: operational and strategic. They also may be relative to an entire facility, or specific to a point of reference inside the facility (for example, areas in the facility, process units in the facility, specific process equipment within the facility).
One application of safety performance analytics is to benchmark the performance of a given facility against a chosen benchmark population of other facilities; for example, the benchmark facilities may be other facilities of the operator; or similar facilities of other operators, unrelated to the first operator, in a given industry. Another application of safety performance analytics is to drive assessment of a facility's safety performance, by highlighting areas of concern that require investigation and action.
Performance questions, which may be used in assessing the performance of the facility, must be linked to the strategic or operational performance objectives of the facility over a given time period. First, a strategy may be defined and strategic or operational objectives are mapped out. Once the strategic or operational objectives have been mapped out, performance questions may be designed to address those strategic objectives; whereas, analytics are quantifiable, outcome-based statements. Analytics provide for the quantification of the strategic (or operational) goals and objectives. Examples of Strategic analytics may include, for example, performance levels or targets to be achieved within a specified timeframe; such as, absolute targets (increase a metric by 5);
proportional targets (increase a metric by 5%); relative to benchmarks (within top three medium-sized gas plants in our area); relative to costs or budgets (reduce by 5% the level of cost).
Operational analytics, on the other hand, are for measuring, in some embodiments in real-time or near real-time, the safe operating status of a facility. Examples of operational analytics may include:
operating procedures (track number of times operators execute an operating procedure incorrectly);

asset integrity and reliability (track number of equipment failures related to identified hazards); and contractor management (track number of contractors not trained; occupancy of contractors).
Profile Learnings ¨ Examples of Performance Questions and Associated Analytics Below are some illustrative examples, not intended to be limiting, of safety performance questions and their associated analytics:
1. Profile lines can help answer specific questions related to Safeguards:
a) Is the process system design inherently safe?
b) Do I have too many conditional modifiers in the HAZOP?
c) How reliant are we on our people to provide us with safeguards?
Examples of safeguard analytics comprising a profile line may include:
a) Number of high-risk hazardous scenarios before safeguards to total number of scenarios before safeguards;
b) Percent reliance on occupancy as a safeguard;
c) Number of human-dependent safeguards to the total number of safeguards;
d) Risk reduction from recommendations to risk reduction from safeguards.
2. Profile lines can help answer specific questions related to Recommendations:
a) What recommendation types provide us with the greatest Risk Reduction Factor?
b) How much Risk Reduction Contribution am I getting from Human Dependent Recommendations?
c) What receptors are my recommendations safeguarding?
Examples of Recommendation Analytics which comprise a profile line may include:
a) Risk Reduction Contribution ("RRC") of mechanical safeguard recommendations to total RRC
b) RRC of human-dependent recommendations to total RRC;
c) Financial receptor safeguard contribution of recommendations.
3. Profile lines can help answer specific questions related to Recommendations:
a) Are our recommendations giving us a valuable return on investment?
b) Which safeguard types give us the largest return on investment?

Examples of Recommendation Analytics which comprise a profile line could include:
a) Number of Category 1 recommendations compared to increase in ROI
b) ROI for category 4 safeguards compared to total ROI
Profile Learnings¨ Graphical Representations By assembling analytics into different sets, a Profile Line allows the user to observe the analytics set or sets in a single, graphical representation, and thereby focus on answering a specific safety performance question of interest. Profile Lines may contain Profile Learnings to assist in tracking operational performance and provide an indication as to whether the organization is tracking towards its strategic goals.
From the Learnings data calculated through performing analytics on the PHA
data sets, hundreds of analytics have been developed, which may be used to benchmark a particular facility's PHA analytics against a chosen baseline. The baseline may be comprised of any available data set; for example, not intended to be limiting, the baseline may comprise peer facilities within the same operator, or peer facilities of other operators. The data in the baseline datasets may also, for example, be selected on the basis of geography, facility type, hazardous chemical, or any number of other characteristics for establishing a baseline profile.
In summary: Strategic analytic measures are about monitoring progress toward achieving a envisioned corporate policy (as opposed to just doing things better). As a result, strategic analytic performance measures do not change often. Whereas, with operational analytic performance measures (doing things better), it is desirable to get closer and closer to "real time" measurement in order to achieve the specific objectives set by a policy.
Profile Learnings¨ Benchmarking Road Map The process of selecting a benchmark, for comparison against a profile line of a facility, is described in the process diagram at Figure 11.
Profile Learnings ¨ Hypothetical Examples For the purpose of illustrating how Profile Learnings may be implemented to identify significant differences between a facility and the benchmark profile, a hypothetical example will be presented with reference to Figures 2A through 2C.

Figure 2A illustrates a profile line graph of Facility 1 (line 200) and Facility 2 (line 210), as compared to an "industry best practice" benchmark profile (line 220). Along the x-axis of the graph, there is represented analytics 1 through 42, grouped together by the following categories: (1) Critical Causes; (2) Critical Potential Occurring Consequences; (3) Critical Preventative Safeguards; and (4) Critical Mitigating Safeguards. As may be seen in Fig. 2A, the profile lines of the Critical Mitigating Safeguards category of analytics are substantially similar to each other. However, the profile lines of the Critical Preventative Safeguards category of analytics shows significant deviations between the Industry Best Practices benchmark profile and the profiles of Facilities 1 and 2.
Figure 28 illustrates a close-up view of a section of a profile line in a different hypothetical example, showing how analytics may be used not only to compare analytics between facilities, but also to compare analytics between particular safeguards within a facility. In this profile line, there are shown two specific safeguards of a given facility (Gas detection system for LEL with alarm with operator action, line 230; and personnel in area less than 10% of the time, line 240) as compared against a benchmark consisting of the average of all safeguards within a facility or processing unit of an operator (line 250).
As can be seen in Figure 28, examples of analytics relating to critical preventative safeguards include, for example, the consequence severity before safeguards (261), the number of causes related to the safeguard (262), the risk increase per hazard and operability study (HAZOP) upon safeguard removal (263) and the risk increase per scenario upon safeguard removal (264). In respect of the first analytic, the consequence severity before the safeguard is in place (261), the calculated value of the analytic is equal between each of the different safeguard types (230, 240) and the average of all the safeguards of this particular facility (250). However, it may be seen that the number of causes related to each safeguard is dramatically different, wherein safeguards 230 and 240 have a large number of causes related to them, as compared to the average of all safeguards of the operator within this facility. This may be an indication, for example, of how critical safeguards 230 and 240 are as compared to all of the safeguards, as safeguards 230 and 240 play a role in a large number of hazardous scenarios, given their relation to a relatively large number of causes. Similarly, safeguards 230 and 240 also have a large increase in risk per HAZOP upon removing those specific safeguards, as compared to the average risk increase per HAZOP upon removing all of the safeguards 250. This is a second indicator that safeguards 230 and 240 are critical, given the large impact on risk that these two safeguards each have upon their removal, as compared to the average impact on risk in removing any of the safeguards.

It will be appreciated by a person skilled in the art that this concept of creating a profile for a facility, or creating a profile for particular elements within that facility, such as specific critical safeguards, as provided in the examples above, is in no way intended to be limiting, and that the application of the concept of creating analytics and profiling a facility based on those analytics is not so limited, and may .. be advantageously customized to the particular needs of an operator.
Profile Learnings ¨ Ideal Facility Another example of how Profile Learnings may be applied, by aggregating data across facilities to improve the recommendations at a particular facility, is to perform a comparison across facilities of a particular type of processing unit (for example, an amine recovery unit), and utilize that comparison to propose an ideal facility which takes into account all of the PHA data available from all facilities containing an amine recovery unit to propose the most safety efficient performance that would include all validated !earnings relating to that type of process unit (in this example, an amine recovery unit). The ideal facility may be utilized as a model for risk exposure comparison. For example, by calculating the Inherent Risk (in other words, the risk without safeguards) and the Risk reduction factor that is provided by safeguards.
Therefore, the inherent risk of the "Ideal Facility" may be compared with any other facility's inherent risk, and thereby derive a percentage of undiscovered [earnings in the target facility under review that would contribute to a percentage of inadvertent, or undiscovered, risk exposure. The use of the "Ideal Facility" model would therefore enable identification of previously undiscovered risk exposures that were not previously discovered through traditional PHA studies, For example, see Figs. 12A ¨ 12C, showing undiscovered risk exposures in the colour red for an amine recovery unit at the facility under review. Furthermore, a measure of risk reduction required to cover this (previously undiscovered) risk exposure may be provided. For example, see Figs. 12D ¨ 12F, showing that the previously undiscovered risk exposures (indicated in red) in Figs. 12A ¨ 12C have now been identified in the facility under review (the previously red data elements now shown in green in Figs. 12E ¨ 12F).
Inherent risk can be compared with any other facility inherent risk, and a percentage of undiscovered !earnings that would give a percentage of inadvertent or undiscovered, risk exposure.
One example of how operational performance analytics may be used, is to utilize the PHA data of a given facility to validate the operational integrity of the safeguards that were used in a Hazard and Operability (HAZOP) study to reduce the risk of hazardous consequences, and determine the criticality of the out-of-service safeguards (in other words, by calculating the risk reduction contribution (RRC) of those out-of-service safeguards). Finally, one may determine the facility's risk exposure by comparing the risk reduction claimed in the HAZOP study to the safeguard risk reduction effectiveness and availability as determined from the historical PHA data. Furthermore, utilizing this procedure enables forecasting of the risk accumulation over time if the safeguards are not brought back into service (per the Predictability Learnings discussed elsewhere in this application).
The following are several examples of the types of performance questions that may be addressed with the assistance of profile lines or Profile Learnings. It will be appreciated that these examples are not intended to be limiting and that many other analytics may be addressed with the assistance of profile lines and Profile Learnings.
Predictive Learnings A prediction is a probabilistic statement that something will happen in the future, based on what is known today. A prediction generally assumes that future changes in related conditions will not have a significant influence.
Predictive Learnings based on PHA data will tell the user the probability of experiencing a hazardous event or an accident (consequence) in a given time frame. In one aspect of the present disclosure, these probabilities may be provided in at least three frames of reference: (1) with all safeguards in place; (2) with no safeguards in place; and (3) with the actual safeguard status taken into account. These three probabilities, which form the basis for Predictive Learnings, may be calculated at varying scopes; for example, the calculations may be based upon all facilities of a company or operator, or a specific facility within a company, or a specific processing unit within a facility.
More specifically, Predictive Learnings are derived from the realization that a scenario, such as a hazard scenario identified in a PHA study, has the likelihood, or probability, to occur within a given period of time, referred to as the Time to Failure (TTF). Additionally, Predictive Learnings may be based upon the observed mean time to failure (MTTF) of multiple units of a generic piece of equipment that has been in operation at a facility, which MTTF is calculated by taking the average of the observed TTF of the multiple units of equipment. MTTF may also be provided, for example, by the manufacturer of a piece of equipment and is based upon the average time to failure of several units of the equipment.

Generally speaking, the risk exposure of an incident or accident expected to occur will increase over time. As an example of how predictability based on expected time to occur (TTO) works, the example not intended to be limiting: suppose a hypothetical piece of equipment has, on average, the probability that it will malfunction once in a period of two years. That probability converts to the average probability of 50% that the equipment will fail within the first year of operation. However, if that piece of equipment operates for 23 months without malfunction, then the probability that the equipment will malfunction in the next month is very high ¨ in the range of 95% - 99%
certainty, depending on the accuracy of the original TTF estimation of one malfunction in two years.
Assuming that the malfunction of this piece of equipment is linked to a hazardous scenario as the initiator of the hazardous event, and that there are no safeguards in place, the likelihood of equipment malfunctioning would be equivalent to the likelihood of the resulting harmful consequence of the hazardous scenario. Thus, in the above hypothetical example, the probability of a harmful consequence occurring would be within two years of when the hazardous process was initiated (based on the assumption that there are no safeguards in place). Similarly, the probability of that harmful event would increase over time, such that after 23 months of operating the equipment without malfunction, the probability of the harmful consequence occurring in the next month would be in the range of 95% - 99%.
Risk exposure over time may be expressed in the following calculation; a graphical representation of the risk exposure over time is also illustrated in the graphs presented at Figures 8A and 8B:
Risk(of damage or harm) = Likelihood x Consequence x Time Exposure Equation 2 Although the risk exposure increases overtime, the likelihood of a hazardous event materializing may be reduced by the use of preventing constraints (safeguards) to stop the release of potentially damaging energy; and additionally reduced by the use of mitigating constraints to minimize or reduce the uncontrollable release of potentially damaging energy. The use of such safeguards (in other words, preventing constraints and mitigating constraints), may sufficiently lower the risk exposure to a tolerable level. For example, see Figs. 9A ¨ 9C, which presents a graphical representation of the impact that safeguards may have on the probability of a hazardous or damaging event occurring over time.
Keeping with the example of a hypothetical scenario involving a system of multiple pieces of equipment working together within the system, the hypothetical scenario having an expected time to occur (TTO) of two years, Fig. 9A shows the probability of equipment failure leading to a damaging event after 23 months of operation without any malfunction, rises to 94% in the absence of safeguards. However, Fig.
99 shows that, by implementing safeguards, the probability of equipment failure leading to a damaging event after 23 months of operating without any malfunction, drops to 54%.
Figure 9C shows that the relationship between the risk exposure and the probability of a hazardous event occurring are related;
namely, the area under the curve of the risk exposure vs. time graph results in the probability vs. time graph.
Predictability Leamings¨ Detailed Calculation of a Hypothetical Example Figures 10A through 106 provide a detailed example of how the probability of a hazardous event may be calculated, taking multiple safeguards into account. As illustrated in Fig.
10A, a hazardous scenario is illustrated in a bowtie diagram, showing seven different possible causes (reflux pump failure, reflux valve fails to close, two different problems with basic process control, human error, very low temperature and power black-out) and the likelihood of each cause occurring, leading to an unwanted event. Preventative safeguards P1, P3, P4 and P6 are also illustrated on the bowtie, and the probability of failure on demand (PFD) for each safeguard is also provided. The Current Total Mitigated Unwanted Event Likelihood (MUELT) is calculated by multiplying the likelihood of each cause by the PFD of each safeguard related to that cause, to derive the current mitigated unwanted event likelihood of that particular cause (MUELX, where X = 1 to 7), and then MUELT is arrived at by adding the seven MUEL
figures together.
On the other side of the bowtie, the Current Total Mitigated Consequence Likelihood (MCLT) is similarly calculated by calculating the individual mitigated consequence likelihoods of causes 1 through 7 (MCL1 through MCL7), and then adding each of those values to derive MCLT (total).
However, in this case, the PFD of each safeguard that mitigates a particular cause, as well as the PFD of the safeguard mitigating the particular consequence, is included in the calculation of MCL1 through MCL7.
The calculated MCLT and MUELT values are then used to calculate the probability of occurrence function, or F(t), as follows:
F(t) = 1 ¨ e4t Equation 3 Where A is the failure rate (for example, how often does the piece of equipment fail per year?) and t is the reference time period on which the rate of failure is based (for example, one year). From this function, the expected time to failure (TTF), when referring to a single component in the system, or expected time to occur (TTO), when referring to the subsystem of a scenario including multiple pieces of equipment working together in the subsystem, is calculated as follows:
TIT = [1 ¨ FM]) Equation 4 As shown in Fig. 1013, the TTF is predicted to be 7.5 months, assuming that none of the safeguards are in place. Applying this calculation to a selected time interval of, for example, three years, as shown in Fig.
10C, it may be predicted that over the selected time interval of three years, assuming no safeguards in place, we can predict that the hazardous event may occur in 7.5 months, which means that 79% of the three year period we can expect the exposure to the risk of this particular hazardous event to be a high exposure.
Referring now to Fig. 10D, we can apply the same set of calculations to a scenario where one of the safeguards (safeguard P3) is in place, so as to see the impact on the predicted expected time to occur (TTO) for the hazardous event to occur. Indeed, the addition of the one safeguard (P3) changes the predicted TTF to a period of 94.1 months, or 7.84 years. As shown in Fig. 10E, we can see that selecting a time interval of 3 years yields the result of being 38% closer to a predicted failure, at the three year mark, because the predicted TTF of 7.84 years exceeds our selected time period of 3 years. Even selecting a different time interval, for example 5 years, provides us with the result of being 64% closer to the predicted time of failure (TTF) because the predicted TTF of 7.84 years still exceeds our selected time interval of 5 years. In other words, it may be easily seen that adding one safeguard (P3) has the impact of greatly extending the predicted TTF, from 7.5 months to 94.1 months, thereby greatly reducing the exposure to risk over a selected time interval, of say three years or five years. Similarly, running the same calculations with two safeguards in place (P3 and P4), as shown in Fig. 10F, yields the result that the predicted TTF is extended to 969.6 months or 80.8 years, which is a further, significant reduction in exposure to the risk of the hazardous event occurring over either of the selected time intervals of three years or five years.

In summary, Predictive Learnings provide organizations the ability to view their risk on the aggregate, so as to determine whether they are getting "closer to," or "farther from," an incident or accident. This knowledge may assist facility operators in becoming more aware of current risk levels at a facility, and thereby change the behavior of site personnel appropriately, based on the presently assessed risk level .. of the facility. Continuous feedback obtained from Predictive Learnings, and response to that feedback, may result in better understanding, by leadership and management, of the organization's structure within the facility and the interactive dynamics between them. When the facility system and subsystems have received sufficient feedback, the results can produce more clearly directed planning, intelligent design, useful products and necessary services.
.. Group Learnings First Learnings do not always provide a comprehensive risk picture of the total risk associated with several hazardous scenarios that share a common hazardous event and consequence severity. The applicant has discovered that by grouping together two or more hazardous scenarios, represented by bowties, which share a common hazardous event and consequence severity, it is possible to obtain a .. more comprehensive analysis of the level of risk associated with a particular area ¨ for example, a processing unit within a facility. This relational attribute of the grouping of two or more hazardous scenarios is referred to herein as a "grouped representation," and may also be referred to as "Group Learnings" by the Applicant.
Firstly, grouping hazardous scenarios may be visualized by creating a "bowtie"
diagram, which is a visual representation of the causes, consequences, safeguards, conditional enablers and modifiers relating to a same consequence and hazardous event. The criteria for constructing a bowtie includes identifying the multiple causes or initiating events leading to the same hazardous event, in same geographic area (within a facility or in the same process unit, for example), affecting the same location of interest and having same category consequence severity. Once the data elements meeting the above criteria are identified as leading to a given hazardous event and consequence, the bowtie is completed by identifying the safeguards, conditional enablers and modifiers which may impact that hazardous event and consequence flowing from that hazardous event.
An example of a bowtie 300 is illustrated in Fig. 3A. In this particular example, two potential causes 303a, 303b, and three potential consequences 305a, 305b and 305c are identified in respect of hazardous event 301. Additionally, two safeguards 307a, 307b are identified as potentially preventing the causes 303a, 303b from initiating the hazardous event 301. Although in this example, the safeguards 307a, 307b are shown as each potentially preventing the causes 303a, 303b from initiating the hazardous event 302, as illustrated by crossing the lead lines 304, 304 extending between the cause 303a or 303b and the hazardous event 301, it will be appreciated that not all safeguards will be relevant to preventing all causes from initiating a hazardous event or mitigating all consequences of a hazardous event 301.
In Figure 38, an example of a grouped representation 395 is illustrated. In this example, the hazardous scenario represented by bowtie 300 is grouped together with the hazardous scenarios represented by each of the bowties 310 and 320, because each of the bowties 300, 310 and 320 relate to the same hazardous event 301, and each shares a common data element; specifically, safeguard 307b. Although the common data element in this example and the examples illustrated in Figs.
3B ¨ 3D is a safeguard, grouped representations may be based upon other categories of common data elements; for example, a shared cause or a shared consequence. In this particular example, the bowties 300, 310 and 320 represent hazardous scenarios existing in the same physical location of reference, such as a single facility equipment area.
In Figure 3C, another example of a grouped representation 396 is illustrated.
In this example, hazardous scenarios represented by bowties 300, 310, 320, 330, 340 and 350 are grouped together because each of these bowties relate to the same hazardous event 301, and each shares a common data element;
specifically, safeguard 307b. This time, the bowties 300, 310 and 320 represent hazardous scenarios existing in one physical location, namely Facility A 352 of Company A, and the bowties 330, 340 and 350 represent hazardous scenarios existing in another physical location of the same operator; namely, Facility B 354 of Company A.
In Figure 3D, a further example of a grouped representation 397 is illustrated. In this example, hazardous scenarios represented by bowties 300, 310, 320, 360, 370 and 380 are grouped together because each of these bowties relate to the same hazardous event 301, and each shares a common data element; specifically, safeguard 307b. This time, the bowties 300, 310 and 320 represent hazardous scenarios existing in one physical location, namely Facility A 352 of Company A, and the bowties 360, 370 and 380 represent hazardous scenarios existing in another physical location of a different operator;
namely, Facility A 382 of Company B.

The grouped representations may permit further study and a more detailed risk analysis and assessment, resulting in the generation of recommendations that may lower the overall risk of a hazardous scenario occurring and causing an accident. The outputs from the First Learnings, for example, may include: the risk ranking of the consequences of each identified cause of a process deviation; the existing safeguards; and recommendations to lower the risk to a tolerable level. A Group Learning study may be conducted, however, to further assess the adequacy of the Safety Protection Layers (SPLs) or safeguards that are in place to mitigate against hazardous events relating to process hazards; identify those SPLs or safeguards that do not meet the required risk reduction for a particular hazard; and make reasonable recommendations where a hazardous scenario has a residual risk that requires further risk reduction. In general, a Group Learning study may be performed when the qualitative analysis and risk assessment of the identified first [earnings outputs shows the scenario to be complex or the potential consequences are severe (in other words, classified as "high risk"). Specific examples of criteria that may trigger a grouped study of a group of hazardous scenarios includes, but is not limited, to the following:
= The same safeguard is deployed in multiple locations;
= The severity of a consequence of a given hazard scenario is classified as having a severity of S4 or S5 (on a scale of Si ¨ S5, wherein S5 represents the most severe consequence) = The risk ranking assigned to the hazardous scenario is categorized as 3 (orange), 4 (red) or worse, after the safeguards have been implemented = Any hazardous scenario where there are no existing safeguards, and the risk level is 2 (yellow) or with a severity of S5.
Group Learning Study ¨ Calculations After identifying the hazardous scenarios to be the subject of a grouped study, the group study may proceed by the following steps:
1. Identify causes or initiating events 2. Determine a frequency (per year) for each initiating event 3. Identify protection layers (safeguards) 4. Determine a probability of failure on demand (PFD) for each independent protection layer ("IPL"
or safeguard) 5. The mitigated frequency (MF) for each initiating event is then calculated by multiplying the frequency (of the initiating event) by the PFD of each independent protection layer (safeguard) 6. The total MF for all initiating events is then calculated by summing the individual MFs 7. Compare total MF with tolerable frequency (TF) 8. If the MF is higher than the TF, then make recommendations to mitigate unacceptably high MF
The calculations are as follows:
= x __________________________________ pFpii = fix PFDt, PFD,2 x¨xPFDI
fic is the frequency for consequence C for initiating event i is the initiating event frequency for initiating event i PFDii is the probability of failure on demand of the jth LPL that protects against consequence C for initiating event i.
Equation 5 In summary, the mitigated frequency is essentially a calculation of the frequency of a consequence "C"
for an initiating event "I", taking into consideration the probability of failure on demand ("PFD") of each safeguard that may either prevent the cause from initiating the hazardous event, or which may otherwise mitigate the severity of the consequence after a hazardous event has occurred. In other words, the mitigated frequency (MF) is equal to the frequency for consequence C for initiating event i (f,c) in the Equation 5 above. A visual representation of calculating the total mitigated frequency (MFT) for a grouped representation is shown, for example, in Figure 4.
Having created a relational database, containing processed PHA data in the form of what is referred to as "First Learnings" and "Group Learnings", as described above, additional data analytics processes may be applied to the relational database to obtain further insights into the present or future safety status of a given facility, and additional safeguards that may be required to reduce the probability of a hazardous event occurring.

Ranked Learnings During a PHA study, the team is responsible for assessing the process risk originating from various process deviations or upsets and determining the consequence and severity of potential accidents; in other words, assessing the risk of the identified cause-consequence pairs.
However, resulting data sets can include hundreds or thousands of hazard scenarios, and due to the nature of the data, it is very difficult for process safety engineers to identify the most critical elements (for example, the most critical causes or safeguards). Without the ability to identify the most critical elements in the results of a PHA
study, the process safety engineer may not effectively prioritize allocation of resources towards implementing recommendations so as to effectively and efficiently manage the risk. Criticality assignments are dependent on the point of reference indicated for the element;
criticality may be also obtained from first learnings. For example, criticality obtained from first learnings scenarios are with respect to the entire facility, while criticality obtained from Group learnings scenarios are with respect to a subset of scenarios of the entire facility.
"Ranked Learnings" provides a solution to this challenge, by identifying the most critical causes, safeguards, recommendations and hazardous scenarios of the PHA study. Such insights may be utilized by a facility operator to prioritize maintenance, audit, and implementation of new safeguards (to the extent such action items are applicable).
An example of a Ranked Learnings output, without intending to be limiting, is illustrated in Fig. 5. In that example, Ranked Learnings may appear in the form of prioritized lists, such as a "Top 3 Critical Causes", "Top 3 Critical Safeguards (Existing)" and "Top 3 Critical Recommendations"
(Future Protection Layers).
It will be appreciated by a person skilled in the art that this example of an output is not intended to be limiting; for example, greater or fewer than three "most critical" elements may be displayed on the output list of critical elements.
Each data element within a category (for example, safeguards, causes or consequences) may be ranked and prioritized by using algorithms which are based on the client's risk matrix probabilities of occurring, and other factors. In some embodiments, in addition to ranking the individual data elements of a given category in a PHA data set, the calculations may also be extended to groups of elements, such as a hazardous scenario represented in a bowtie diagram. In this case, all individual data elements of a single bowtie contribute to a criticality calculation, producing a risk-ranked list of the most critical bowties for a given PHA scope (for example, within a particular facility, or across all facilities of an operator).

More specifically, in one aspect of the present disclosure, hazardous scenarios (represented by bowties) may be ranked in terms of criticality, by firstly determining the cumulative risk contribution of all causes leading to the same hazardous event, for the same category of consequence severity, without taking into consideration any safeguards (in other words, calculating "Bowtie Criticality without Safeguards").
Secondly, the cumulative risk contribution of all causes leading to the same hazardous event, for the same category of consequence severity, is calculated with taking into account the presence of safeguards; for example, the safeguards presently in place (in other words, calculating "Bowtie Criticality with Safeguards"). Finally, the cumulative risk contribution of all causes leading to the same hazardous event, for the same category of consequence severity, is calculated with taking into account the presence of safeguards and recommendations (in other words, calculating "Bowtie Criticality with Safeguards and Recommendations").
As an illustrative example of how these sets of bowtie criticality calculations may be applied, refer to Figures 6 and 7, which provide a calculation of the rate of mitigating risk reduction of a particular safeguard (or independent protection layer) compared to the total mitigating risk reduction (r). In Fig. 6, the frequency of a consequence is calculated where a safeguard, having a probability of failure on demand PFD2, is included in the calculation. In Fig. 7, the frequency of the same consequence as in Figure 6 is calculated, except that this time the safeguard, having a probability of failure on demand PFD2, is excluded from the calculation. A risk reduction gap ("RRG"), which indicates the effectiveness of a safeguard with respect to effectively mitigating the frequency of a consequence, is calculated by subtracting the frequency of a consequence (f,c) without implementing the safeguard from the frequency of a consequence with implementing the safeguard (f,c). The equation for calculating RRG is as follows:
RRG = fC - E
Equation 6 In other words, the bowtie criticality calculations described above provide for determining the criticality of each safeguard in a given hazardous scenario. Having assigned a value to "how much" the risk of a consequence occurrence is reduced by the presence of a particular safeguard provides a facility operator with the ability to prioritize those safeguards which have the largest RRG, or in other words, the greatest impact on reducing the probability that a given consequence will occur.
Real Cost Learnings "Real Cost Learnings" are insights related to safeguards, which may be quantified by the amount of risk reduction provided by the safeguard, and compared to the actual cost of that safeguard. Therefore, a return on investment ("ROI") factor may be derived using the relation between a risk reduction factor of the safeguard and other "capital and operational cost factors" of the safeguard. The scope of consideration for these risk-based metrics may be, for example, based on a process unit, a facility, or across all facilities of a particular operator, for example (not intended to be limiting).
The Real Cost Learnings may assist a facility manager in making decisions as to where capital should be allocated, and also in which areas spending should either be increased or decreased so as to maximize the value obtained for every dollar spent on process safety measures. The core concept in "Real Cost Learnings" is that risk and financial data may be combined to create a relation which assists organizations in managing their capital and operational resources efficiently.
Specifically, in one aspect of the present disclosure, a "Risk Reduction Effectiveness" (RRE) value is a cost control solution measure with respect to mitigating effective frequency reduction of a consequence.
RRE is a measure of the cost of a risk reduction control solution (such as a safeguard or recommendation) per unit of mitigating frequency reduction.
Referring above in Equation 6 to the calculation of the risk reduction gap (RRG), it may be seen below, in Equation 7, that RRE is calculated:
S
RRE = --RRG
Equation 7 Wherein, "S" is the annualized cost of a risk reduction solution (such as a safeguard or a recommendation).

In other words, reducing the probabilities of occurrence of a hazardous event and its associated consequences (such as a harm or loss), may be appraised in terms of real monetary value or by using the "utility function," which is calculated above as the Risk Reduction Effectiveness, or RRE.
There is a relationship between the cost due to a consequence flowing from a hazardous event, (in other words, the cost of a loss), and the cost for controlling or reducing the risk of that consequence occurring.
Observing the relation between the cost required to control the risk and the level of risk reduction achieved enables reaching a decision whereby some residual risk may be accepted.
Reviewing Equation 8 below, a cost benefit analysis may be arrived at by appreciating that there is a cost to implementing a safeguard (ie: capital expenditure and operating costs), as well as a benefit to implementing a safeguard (ie: when a control solution is successful in preventing a hazardous event from causing harm or loss; the potential monetary hypothetical loss may be considered a gain or benefit, in the calculations below):
Capital Cost of 4. Operational Cost Anticipated future added IPL of added IPL/year * useful life of IPL (years) Ratio of Cost to Benefit \¨

Anticipated future Value of avoided r 1/PFD
useful life of IPL (years) * loss prevented *
try IPL \,..1/MF -1/PFD
Equation 8 Wherein, IPL is an independent protection layer, otherwise referred to as an independent safeguard.
System In some aspects of the present disclosure, the various methods disclosed herein may be implemented, in some embodiments, through the use of software or computer code, the software programmed to store the processed data and retrieve the processed data from a relational database. For example, not intended to be limiting, in one embodiment of the present disclosure the relational database may advantageously be located on a cloud-based server, and the software or applications that retrieve the processed data and perform analytics on the processed data may reside on the same cloud-based server or servers. End users of the system may access the software through a general purpose computer loaded with internet browser software, and the internet browser may be utilized to access the software and database through a secured internet portal, whereby access to the portal is granted after authenticating that the user has authority to access the data, for example by use of a username and password, or other authentication means known to a person skilled in the art.
In one embodiment, the user may access their processed PHA data through the portal, but may be restricted from accessing PHA
data in the relational database provided by other sources. In such embodiments, the user may only gain access to PHA data from sources other than the user in the form of analytic reports produced by a controller of the software, whereby the PHA data from other sources is provided in aggregate form only (for example, not intended to be limiting, the aggregate data presented in an output, the output presented in the form of a benchmark profile line, representing an average analytic calculated from selected benchmark facilities operated by operators other than the user). It will be appreciated by a person skilled in the art that other system designs for implementing the methods described herein are also intended to be included in the scope of the present disclosure. An example of a PHA Analytics system, not intended to be limiting, is illustrated in Fig. 13.

Claims

WHAT IS CLAIMED IS:
1. A method for improving process safety of a facility of an operator, the method comprising:
processing a plurality of process hazard analysis (PHA) data sets to generate a relational database, wherein at least one PHA data set relates to the facility, the processing steps including:
categorizing and classifying data elements of each PHA data set into corresponding categories and classifications which are consistent between all PHA data sets, generating a plurality of hazardous scenarios by identifying a plurality of hazardous events and assigning said data elements to each hazardous event, grouping together two or more of said hazardous scenarios so as to generate a group representation, wherein the said two or more hazardous scenarios share at least a common hazardous event and a common said data element, performing a risk analysis procedure on an identified hazardous event in the relational database, the identified hazardous event belonging to at least one hazardous scenario forming at least one grouped representation in the relational database, the performing steps comprising:
identifying one or more causes of the identified hazardous event and a frequency of each identified one or more causes, identifying one or more safeguards of the identified hazardous event impacting each cause and a probability of failure on demand (PFD) of each identified safeguard, calculating a mitigated frequency of each cause of the identified hazardous event by multiplying the frequency of each cause by the PFD of each safeguard impacting each cause, calculate a total mitigated frequency of the identified hazardous event by summing the mitigated frequency of each cause, comparing the total mitigated frequency to a tolerable frequency of the identified hazardous event, outputting a recommendation for reducing the risk of the identified hazardous event of the facility when the total mitigated frequency exceeds the tolerable frequency, implementing the at least one recommendation at the facility.
CA3036543A 2019-03-13 2019-03-13 Methods and systems for implementing and monitoring process safety management Abandoned CA3036543A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CA3036543A CA3036543A1 (en) 2019-03-13 2019-03-13 Methods and systems for implementing and monitoring process safety management
US17/438,680 US20220148114A1 (en) 2019-03-13 2020-03-13 Methods and systems for implementing and monitoring process safety management
CA3133390A CA3133390A1 (en) 2019-03-13 2020-03-13 Methods and systems for implementing and monitoring process safety management
PCT/CA2020/050343 WO2020181392A1 (en) 2019-03-13 2020-03-13 Methods and systems for implementing and monitoring process safety management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CA3036543A CA3036543A1 (en) 2019-03-13 2019-03-13 Methods and systems for implementing and monitoring process safety management

Publications (1)

Publication Number Publication Date
CA3036543A1 true CA3036543A1 (en) 2020-09-13

Family

ID=72560244

Family Applications (2)

Application Number Title Priority Date Filing Date
CA3036543A Abandoned CA3036543A1 (en) 2019-03-13 2019-03-13 Methods and systems for implementing and monitoring process safety management
CA3133390A Pending CA3133390A1 (en) 2019-03-13 2020-03-13 Methods and systems for implementing and monitoring process safety management

Family Applications After (1)

Application Number Title Priority Date Filing Date
CA3133390A Pending CA3133390A1 (en) 2019-03-13 2020-03-13 Methods and systems for implementing and monitoring process safety management

Country Status (1)

Country Link
CA (2) CA3036543A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112561260A (en) * 2020-12-03 2021-03-26 中电科新型智慧城市研究院有限公司 Intelligent management method, system, terminal and storage medium for urban safety hidden danger

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112561260A (en) * 2020-12-03 2021-03-26 中电科新型智慧城市研究院有限公司 Intelligent management method, system, terminal and storage medium for urban safety hidden danger

Also Published As

Publication number Publication date
CA3133390A1 (en) 2020-09-17

Similar Documents

Publication Publication Date Title
Berg Risk management: procedures, methods and experiences
Øien et al. Building safety indicators: Part 1–theoretical foundation
Mhetre et al. Risk management in construction industry
Reniers et al. Continuously and simultaneously optimizing an organization’s safety and security culture and climate: the Improvement Diamond for Excellence Achievement and Leadership in Safety & Security (IDEAL S&S) model
Ekwere Framework of effective risk management in small and medium enterprises (SMESs): a literature review
US20220148114A1 (en) Methods and systems for implementing and monitoring process safety management
Kleindorfer et al. Assessment of catastrophe risk and potential losses in industry
Valis et al. Selected overview of risk assessment techniques
Chawan et al. Software risk management
Patil et al. Business risk in early design: A business risk assessment approach
Sheikhalishahi et al. Human factors effects and analysis in maintenance: a power plant case study
Xing et al. Dynamic business continuity assessment using condition monitoring data
Yang et al. Risk influence frameworks for activity-related risk analysis during operation: a literature review
He et al. Risk-based quality accident ranking approach using failure mechanism and Axiomatic domain mapping
Crespo Márquez et al. The maintenance management framework: A practical view to maintenance management
Bashynska et al. Risk Management. Lecture course: textbook
Guo et al. Risk assessment of infrastructure system of systems with precursor analysis
Ismail The requirements for maintenance management systems (MMS) at Malaysian polytechnic: a case study
CA3133390A1 (en) Methods and systems for implementing and monitoring process safety management
Reitšpís et al. Selection and application of appropriate analytical methods needed to assess the risks reducing the security of the protected system
Budiraharjo et al. IMARA: A New Approach to Multi-Attribute Risk Assessment based on Event Data Weighting (Case Study in a Container Terminal)
Kostogryzov et al. The estimation of probabilistic risks for the performance of system human resource management process
Lyon et al. Risk assessment fundamentals
Karthick et al. Investigation of Human Errors Using Fuzzy-Bayesian Belief Networks
Sarkar A conceptual framework for supply chain risk management

Legal Events

Date Code Title Description
FZDE Discontinued

Effective date: 20220915

FZDE Discontinued

Effective date: 20220915